ei
/
mtg
mirror of https://github.com/9seconds/mtg
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 48 Wiki Activity
Highly-opinionated (ex-bullshit-free) MTPROTO proxy for Telegram. If you use v1.0 or upgrade broke you proxy, please read the chapter Version 2
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
519 Commits
4 Branches
Tree: 23519913f2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '23519913f2'
${ noResults }
mtg/ipblocklist/firehol.go

firehol.go 6.9KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343 
  1. package ipblocklist

  2. 

  3. import (

  4. 	"bufio"

  5. 	"context"

  6. 	"fmt"

  7. 	"io"

  8. 	"io/ioutil"

  9. 	"net"

  10. 	"net/http"

  11. 	"net/url"

  12. 	"os"

  13. 	"regexp"

  14. 	"strings"

  15. 	"sync"

  16. 	"time"

  17. 

  18. 	"github.com/9seconds/mtg/v2/mtglib"

  19. 	"github.com/kentik/patricia"

  20. 	"github.com/kentik/patricia/bool_tree"

  21. 	"github.com/panjf2000/ants/v2"

  22. )

  23. 

  24. const (

  25. 	fireholIPv4DefaultCIDR = 32

  26. 	fireholIPv6DefaultCIDR = 128

  27. )

  28. 

  29. var fireholRegexpComment = regexp.MustCompile(`\s*#.*?$`)

  30. 

  31. type Firehol struct {

  32. 	ctx       context.Context

  33. 	ctxCancel context.CancelFunc

  34. 	logger    mtglib.Logger

  35. 

  36. 	rwMutex sync.RWMutex

  37. 

  38. 	remoteURLs []string

  39. 	localFiles []string

  40. 

  41. 	httpClient *http.Client

  42. 	workerPool *ants.Pool

  43. 

  44. 	treeV4 *bool_tree.TreeV4

  45. 	treeV6 *bool_tree.TreeV6

  46. }

  47. 

  48. func (f *Firehol) Contains(ip net.IP) bool {

  49. 	if ip == nil {

  50. 		return true

  51. 	}

  52. 

  53. 	ip4 := ip.To4()

  54. 

  55. 	f.rwMutex.RLock()

  56. 	defer f.rwMutex.RUnlock()

  57. 

  58. 	if ip4 != nil {

  59. 		return f.containsIPv4(ip4)

  60. 	}

  61. 

  62. 	return f.containsIPv6(ip.To16())

  63. }

  64. 

  65. func (f *Firehol) containsIPv4(addr net.IP) bool {

  66. 	ip := patricia.NewIPv4AddressFromBytes(addr, 32)

  67. 

  68. 	if ok, _, err := f.treeV4.FindDeepestTag(ip); ok && err == nil {

  69. 		return true

  70. 	}

  71. 

  72. 	return false

  73. }

  74. 

  75. func (f *Firehol) containsIPv6(addr net.IP) bool {

  76. 	ip := patricia.NewIPv6Address(addr, 128)

  77. 

  78. 	if ok, _, err := f.treeV6.FindDeepestTag(ip); ok && err == nil {

  79. 		return true

  80. 	}

  81. 

  82. 	return false

  83. }

  84. 

  85. func (f *Firehol) Run(updateEach time.Duration) {

  86. 	ticker := time.NewTicker(updateEach)

  87. 

  88. 	defer func() {

  89. 		ticker.Stop()

  90. 

  91. 		select {

  92. 		case <-ticker.C:

  93. 		default:

  94. 		}

  95. 	}()

  96. 

  97. 	if err := f.update(); err != nil {

  98. 		f.logger.WarningError("cannot update blocklist", err)

  99. 	}

  100. 

  101. 	for {

  102. 		select {

  103. 		case <-f.ctx.Done():

  104. 			return

  105. 		case <-ticker.C:

  106. 			if err := f.update(); err != nil {

  107. 				f.logger.WarningError("cannot update blocklist", err)

  108. 			}

  109. 		}

  110. 	}

  111. }

  112. 

  113. func (f *Firehol) Shutdown() {

  114. 	f.ctxCancel()

  115. }

  116. 

  117. func (f *Firehol) update() error { // nolint: funlen, cyclop

  118. 	ctx, cancel := context.WithCancel(f.ctx)

  119. 	defer cancel()

  120. 

  121. 	wg := &sync.WaitGroup{}

  122. 	wg.Add(len(f.remoteURLs) + len(f.localFiles))

  123. 

  124. 	treeMutex := &sync.Mutex{}

  125. 	v4tree := bool_tree.NewTreeV4()

  126. 	v6tree := bool_tree.NewTreeV6()

  127. 

  128. 	errorChan := make(chan error, 1)

  129. 	defer close(errorChan)

  130. 

  131. 	for _, v := range f.localFiles {

  132. 		go func(filename string) {

  133. 			defer wg.Done()

  134. 

  135. 			if err := f.updateLocalFile(ctx, filename, treeMutex, v4tree, v6tree); err != nil {

  136. 				cancel()

  137. 				f.logger.BindStr("filename", filename).WarningError("cannot update", err)

  138. 

  139. 				select {

  140. 				case errorChan <- err:

  141. 				default:

  142. 				}

  143. 			}

  144. 		}(v)

  145. 	}

  146. 

  147. 	for _, v := range f.remoteURLs {

  148. 		value := v

  149. 

  150. 		f.workerPool.Submit(func() { // nolint: errcheck

  151. 			defer wg.Done()

  152. 

  153. 			if err := f.updateRemoteURL(ctx, value, treeMutex, v4tree, v6tree); err != nil {

  154. 				cancel()

  155. 				f.logger.BindStr("url", value).WarningError("cannot update", err)

  156. 

  157. 				select {

  158. 				case errorChan <- err:

  159. 				default:

  160. 				}

  161. 			}

  162. 		})

  163. 	}

  164. 

  165. 	wg.Wait()

  166. 

  167. 	select {

  168. 	case err := <-errorChan:

  169. 		return fmt.Errorf("cannot update trees: %w", err)

  170. 	default:

  171. 	}

  172. 

  173. 	f.rwMutex.Lock()

  174. 	defer f.rwMutex.Unlock()

  175. 

  176. 	f.treeV4 = v4tree

  177. 	f.treeV6 = v6tree

  178. 

  179. 	return nil

  180. }

  181. 

  182. func (f *Firehol) updateLocalFile(ctx context.Context, filename string,

  183. 	mutex sync.Locker,

  184. 	v4tree *bool_tree.TreeV4, v6tree *bool_tree.TreeV6) error {

  185. 	filefp, err := os.Open(filename)

  186. 	if err != nil {

  187. 		return fmt.Errorf("cannot open file: %w", err)

  188. 	}

  189. 

  190. 	go func(ctx context.Context, closer io.Closer) {

  191. 		<-ctx.Done()

  192. 		closer.Close()

  193. 	}(ctx, filefp)

  194. 

  195. 	defer filefp.Close()

  196. 

  197. 	return f.updateTrees(mutex, filefp, v4tree, v6tree)

  198. }

  199. 

  200. func (f *Firehol) updateRemoteURL(ctx context.Context, url string,

  201. 	mutex sync.Locker,

  202. 	v4tree *bool_tree.TreeV4, v6tree *bool_tree.TreeV6) error {

  203. 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)

  204. 	if err != nil {

  205. 		return fmt.Errorf("cannot build a request: %w", err)

  206. 	}

  207. 

  208. 	resp, err := f.httpClient.Do(req) // nolint: bodyclose

  209. 	if err != nil {

  210. 		return fmt.Errorf("cannot request a remote URL %s: %w", url, err)

  211. 	}

  212. 

  213. 	go func(ctx context.Context, closer io.Closer) {

  214. 		<-ctx.Done()

  215. 		closer.Close()

  216. 	}(ctx, resp.Body)

  217. 

  218. 	defer func(rc io.ReadCloser) {

  219. 		io.Copy(ioutil.Discard, rc) // nolint: errcheck

  220. 		rc.Close()

  221. 	}(resp.Body)

  222. 

  223. 	return f.updateTrees(mutex, resp.Body, v4tree, v6tree)

  224. }

  225. 

  226. func (f *Firehol) updateTrees(mutex sync.Locker,

  227. 	reader io.Reader,

  228. 	v4tree *bool_tree.TreeV4,

  229. 	v6tree *bool_tree.TreeV6) error {

  230. 	scanner := bufio.NewScanner(reader)

  231. 

  232. 	for scanner.Scan() {

  233. 		text := scanner.Text()

  234. 		text = fireholRegexpComment.ReplaceAllLiteralString(text, "")

  235. 		text = strings.TrimSpace(text)

  236. 

  237. 		if text == "" {

  238. 			continue

  239. 		}

  240. 

  241. 		ip, cidr, err := f.updateParseLine(text)

  242. 		if err != nil {

  243. 			return fmt.Errorf("cannot parse a line: %w", err)

  244. 		}

  245. 

  246. 		if err := f.updateAddToTrees(ip, cidr, mutex, v4tree, v6tree); err != nil {

  247. 			return fmt.Errorf("cannot add a node to the tree: %w", err)

  248. 		}

  249. 	}

  250. 

  251. 	if scanner.Err() != nil {

  252. 		return fmt.Errorf("cannot parse a response: %w", scanner.Err())

  253. 	}

  254. 

  255. 	return nil

  256. }

  257. 

  258. func (f *Firehol) updateParseLine(text string) (net.IP, uint, error) {

  259. 	_, ipnet, err := net.ParseCIDR(text)

  260. 	if err != nil {

  261. 		ipaddr := net.ParseIP(text)

  262. 		if ipaddr == nil {

  263. 			return nil, 0, fmt.Errorf("incorrect ip address %s", text)

  264. 		}

  265. 

  266. 		ip4 := ipaddr.To4()

  267. 		if ip4 != nil {

  268. 			return ip4, fireholIPv4DefaultCIDR, nil

  269. 		}

  270. 

  271. 		return ipaddr.To16(), fireholIPv6DefaultCIDR, nil

  272. 	}

  273. 

  274. 	ones, _ := ipnet.Mask.Size()

  275. 

  276. 	return ipnet.IP, uint(ones), nil

  277. }

  278. 

  279. func (f *Firehol) updateAddToTrees(ip net.IP, cidr uint,

  280. 	mutex sync.Locker,

  281. 	v4tree *bool_tree.TreeV4, v6tree *bool_tree.TreeV6) error {

  282. 	mutex.Lock()

  283. 	defer mutex.Unlock()

  284. 

  285. 	if ip.To4() != nil {

  286. 		addr := patricia.NewIPv4AddressFromBytes(ip, cidr)

  287. 

  288. 		if _, _, err := v4tree.Set(addr, true); err != nil {

  289. 			return err // nolint: wrapcheck

  290. 		}

  291. 	} else {

  292. 		addr := patricia.NewIPv6Address(ip, cidr)

  293. 

  294. 		if _, _, err := v6tree.Set(addr, true); err != nil {

  295. 			return err // nolint: wrapcheck

  296. 		}

  297. 	}

  298. 

  299. 	return nil

  300. }

  301. 

  302. func NewFirehol(logger mtglib.Logger, network mtglib.Network,

  303. 	downloadConcurrency uint,

  304. 	remoteURLs []string,

  305. 	localFiles []string) (*Firehol, error) {

  306. 	for _, v := range remoteURLs {

  307. 		parsed, err := url.Parse(v)

  308. 		if err != nil {

  309. 			return nil, fmt.Errorf("incorrect url %s: %w", v, err)

  310. 		}

  311. 

  312. 		switch parsed.Scheme {

  313. 		case "http", "https":

  314. 		default:

  315. 			return nil, fmt.Errorf("unsupported url %s", v)

  316. 		}

  317. 	}

  318. 

  319. 	for _, v := range localFiles {

  320. 		if stat, err := os.Stat(v); os.IsNotExist(err) || stat.IsDir() || stat.Mode().Perm()&0o400 == 0 {

  321. 			return nil, fmt.Errorf("%s is not a readable file", v)

  322. 		}

  323. 	}

  324. 

  325. 	if downloadConcurrency == 0 {

  326. 		downloadConcurrency = 1

  327. 	}

  328. 

  329. 	workerPool, _ := ants.NewPool(int(downloadConcurrency))

  330. 	ctx, cancel := context.WithCancel(context.Background())

  331. 

  332. 	return &Firehol{

  333. 		ctx:        ctx,

  334. 		ctxCancel:  cancel,

  335. 		logger:     logger.Named("firehol"),

  336. 		httpClient: network.MakeHTTPClient(nil),

  337. 		treeV4:     bool_tree.NewTreeV4(),

  338. 		treeV6:     bool_tree.NewTreeV6(),

  339. 		workerPool: workerPool,

  340. 		remoteURLs: remoteURLs,

  341. 		localFiles: localFiles,

  342. 	}, nil

  343. }